WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-devel

Re: [Xen-devel] XEN and ipq_read

To: "plamen .." <paco078@xxxxxx>
Subject: Re: [Xen-devel] XEN and ipq_read
From: Pasi Kärkkäinen <pasik@xxxxxx>
Date: Tue, 27 Apr 2010 12:05:08 +0300
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 27 Apr 2010 02:07:08 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <340661326.4879.1272357093666.JavaMail.apache@xxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <340661326.4879.1272357093666.JavaMail.apache@xxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.18 (2008-05-17)
On Tue, Apr 27, 2010 at 11:31:33AM +0300, plamen .. wrote:
> Hi all,
> 
> I'm using Ubuntu Hardy, Xen version 3.2.1-rc1-pre, Dom0 kernel 2.6.24-27-xen, 
> PV DomU kernel 2.6.24-27-xen. 
> 
> I'm setting DomU as a router having iptables 1.3.8. I put an IDS system Snort 
> in inline mode (IPS) on the router, which is configured to retrieve specific 
> packets from kernel (iptables ... -j QUEUE and ip_queue module). At first 
> snort started to report errors on each received packet. After a little bit of 
> debugging and doing a sample application to test ipq_read() I found that raw 
> data sent from kernel contains about 24 bytes more than expected. The 
> additional bytes are in the meta data structure before the real packet 
> content. This breaks raw data parsing. After a little bit of additional 
> debugging I noticed that this happens only on Xen DomU VMs. On Dom0 it works 
> fine, and on other servers not running Xen it also works fine. 
> 
> Currently I'm about to install rtr DomU as HVM and I think it will work fine, 
> but I don't want to leave it like this in production. 
> 
> Is there any reason in the xen kernel to break sending packets from kernel to 
> user space through the ip_queue module? If so, is there any way to work 
> around this issue?
> 

Did you try disabling all network offloading settings in the domU? 
(and if that doesn't help, then also in all interfaces/bridges/vifs on dom0).

Other than that, you might want to upgrade your Xen and kernels; they're pretty 
old and known to have problems/bugs. 

(Only the kernel versions should affect packet processing though).

-- Pasi


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
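The first thing the reply suggests is turning off the network offloading settings in the domU (and, if that does not help, on the dom0 interfaces, bridges and vifs as well). The script below is an added example, not code from the thread: it builds the `ethtool -K` command that disables the usual offload features for each interface named on the command line, and it parses `ethtool -k` output to report which offloads are still enabled so the change can be verified afterwards. The feature list, the `DRY_RUN` switch and the sample `ethtool -k` capture are assumptions made for the example; the sample output is constructed in the older, pre-3.x ethtool format and was not taken from a real domU.

```shell
#!/bin/sh
# Added example (not from the mailing-list post): disable NIC offloading on the
# interfaces given as arguments and report which offloads "ethtool -k" still
# shows as enabled. Run as root to change settings; DRY_RUN=1 only prints.

# Offload features to turn off. "tx off" already implies sg and tso off, but
# naming them explicitly makes the intent of the command obvious when audited.
OFFLOADS="rx tx sg tso ufo gso gro"

# Build (but do not run) the ethtool -K command for one interface.
offload_cmd() {
    iface="$1"
    cmd="ethtool -K $iface"
    for f in $OFFLOADS; do
        cmd="$cmd $f off"
    done
    printf '%s\n' "$cmd"
}

# Apply the command to every interface listed on the command line, e.g.
# "disable_offloads eth0 eth1" in a domU or "disable_offloads vif1.0 eth0 br0"
# in dom0. With DRY_RUN=1 the commands are printed instead of executed.
disable_offloads() {
    for iface in "$@"; do
        cmd=$(offload_cmd "$iface")
        if [ "${DRY_RUN:-0}" = 1 ]; then
            printf '%s\n' "$cmd"
        else
            # intentionally unquoted: the string is a full command line
            $cmd
        fi
    done
}

# Read "ethtool -k <iface>" output on stdin and print the names of the
# parameters that are still "on", one per line. Works on live output
# ("ethtool -k eth0 | offloads_still_on") or on a saved capture.
offloads_still_on() {
    while IFS= read -r line; do
        case "$line" in
            *": on"*)
                # keep only the parameter name, i.e. the text before the colon
                printf '%s\n' "${line%%:*}"
                ;;
        esac
    done
}

# Constructed sample of "ethtool -k" output (older ethtool format, as used
# around the time of the post); not captured from a real machine.
SAMPLE_ETHTOOL_K='Offload parameters for eth0:
rx-checksumming: on
tx-checksumming: on
scatter-gather: on
tcp-segmentation-offload: on
udp-fragmentation-offload: off
generic-segmentation-offload: on
generic-receive-offload: off'

# Demo: show what the parser reports for the sample, then the commands that
# would be run for two hypothetical interfaces.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_ETHTOOL_K" | offloads_still_on
    DRY_RUN=1 disable_offloads eth0 eth1
fi
```

Changes made with `ethtool -K` do not survive a reboot, so once the setting is confirmed to fix the ip_queue parsing the same command belongs in the interface's post-up hook. Checking the parser's output again after applying the change is the quick way to confirm the driver actually honoured the request, since some features are fixed by the driver and stay on regardless.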